Re: Port 80 Open
On Sun, Oct 28, 2007 at 08:35:30PM -0600, Telly Williams wrote:
> Ansgar, Paolo, and David,
> Thanks for the help. I utilized your ideas and ran nmap and
> nothing comes up (I did this from the same host, though). My
er... is your fw supposed to protect you from yourself? ;)
try a remote scanner like grc.com's.
> logs aren't writing anything now, or is it that my ports can't
look at your iptables-save, select a chain that goes through LOG, ask grc.com
to stress a port for that chain. See what happens in the logs.
> be "seen"?). Interestingly (to me), ports 0 and 1 come up as
> closed (from grc.com, I assume because of the set limits that
> make my firewall "adaptive").
If by 'adaptive' you mean the -m state on input, yes. Which is btw true for
any other port you did not open explicitly.
> Only a small minority of people use the forward chain, right? I
dunno ... you need FORWARD only if your machine routes packets for other
machines, eg your machine sits between the LAN and I'net. Or you've got
some fancy virtual machines / alias iface setup.
> Currently, I have OUTPUT accepting NEW,ESTABLISHED,RELATED. If
> I'm thinking right about what you said Ansgar, the only thing I
> need to worry about in OUTPUT is NEW, so I'm about to change it
you need all 3.
> Then why does the site http://www.grc.com keep referring to
> ports as being under stealth? Are they defining "stealth" in a
I guess (checking their port 113 write up) they just mean what the rule
--state ESTABLISHED,RELATED on INPUT does. i.e., in their wording, if you have
such a rule in the INPUT chain (you do, right?) you can proudly say your machine
is fully 'Stealthy(TM)' ;)
> different way? What does one have to gain by propagating this
> "marketing babble"?
Hype behind the fw sw market. Just marketing, in other words.
For some tech about 'stealth' mode, 'man nmap' - check for -sS -sF -sX
-sN -sI; also check README and man page for hping2 or hping3 for some other
insights. Good reading.
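The thread's advice is to put a LOG rule in the chain that drops unsolicited INPUT, have a remote scanner probe a port, and then read the logs. The following script is an added example, not code from the thread or from any of its participants: it parses the kernel's iptables LOG output, counts dropped packets per destination port, and separates plain SYN probes (what a connect/SYN scan sends) from other flag combinations (what the -sF/-sX/-sN scans mentioned above send). The log prefix "FW-INPUT-DROP: " and the sample log lines are constructed for illustration; use whatever --log-prefix your own rule sets.

```python
"""Summarise iptables LOG lines after a remote port probe.

Added example, not from the original thread. Assumes the INPUT chain
ends in '-j LOG --log-prefix "FW-INPUT-DROP: "' followed by '-j DROP';
the prefix and SAMPLE_LOG below are constructed for illustration.
"""
import re
from collections import Counter

# Constructed sample of kernel log output from an iptables LOG target.
# MAC fields are abbreviated to "..." in all but the first line.
SAMPLE_LOG = """\
Oct 28 20:35:30 box kernel: FW-INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=4321 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 28 20:35:30 box kernel: FW-INPUT-DROP: IN=eth0 OUT= MAC=... SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=4322 DF PROTO=TCP SPT=40002 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 28 20:35:31 box kernel: FW-INPUT-DROP: IN=eth0 OUT= MAC=... SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=4323 DF PROTO=TCP SPT=40003 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 28 20:35:32 box kernel: FW-INPUT-DROP: IN=eth0 OUT= MAC=... SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=4324 PROTO=TCP SPT=40004 DPT=22 WINDOW=1024 RES=0x00 FIN URGP=0
Oct 28 20:35:33 box kernel: FW-INPUT-DROP: IN=eth0 OUT= MAC=... SRC=203.0.113.9 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=51 ID=4325 PROTO=UDP SPT=40005 DPT=53 LEN=8
Oct 28 20:35:34 box sshd[123]: Accepted publickey for alice from 192.0.2.20
"""

LOG_PREFIX = "FW-INPUT-DROP: "          # assumed --log-prefix of the LOG rule
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens written by the LOG target


def parse_line(line, prefix=LOG_PREFIX):
    """Return the KEY=value fields of one LOG line as a dict, plus a
    FLAGS tuple of the bare TCP flag tokens (SYN, FIN, ...). Lines
    without the prefix (other kernel or daemon output) yield None."""
    idx = line.find(prefix)
    if idx < 0:
        return None
    body = line[idx + len(prefix):]
    fields = dict(KV_RE.findall(body))
    tokens = set(body.split())
    fields["FLAGS"] = tuple(f for f in TCP_FLAGS if f in tokens)
    return fields


def summarize(text, prefix=LOG_PREFIX):
    """Count dropped packets per (PROTO, DPT), count how many of the TCP
    drops were plain SYN probes (fresh connection attempts), and list
    the source addresses seen, so the result can be compared with what
    the remote scanner reported."""
    per_port = Counter()
    syn_probes = Counter()
    sources = set()
    for line in text.splitlines():
        rec = parse_line(line, prefix)
        if rec is None:
            continue
        key = (rec.get("PROTO", "?"), rec.get("DPT", "?"))
        per_port[key] += 1
        sources.add(rec.get("SRC", "?"))
        flags = rec["FLAGS"]
        if key[0] == "TCP" and "SYN" in flags and "ACK" not in flags:
            syn_probes[key] += 1
    return {
        "per_port": dict(per_port),
        "syn_probes": dict(syn_probes),
        "sources": sorted(sources),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("dropped packets per port:")
    for (proto, dport), n in sorted(report["per_port"].items()):
        extra = report["syn_probes"].get((proto, dport), 0)
        print(f"  {proto}/{dport}: {n} dropped, {extra} plain SYN")
    print("probe sources:", ", ".join(report["sources"]))
```

Run it against `journalctl -k` or `/var/log/kern.log` output instead of SAMPLE_LOG once your LOG rule is in place; a port the scanner reports as filtered ("stealth" in grc.com's wording) should show up here as dropped SYNs, while a port it reports as closed will not appear at all, because the kernel answered it with a RST before any DROP rule was reached.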